<?php
  /*
   +--------------------------------------------------------------------------
   |   phpBIZ v3.0  full version
   |   ========================================
   |   by taft@wjl.cn yejun@wjl.cn
   |   http://www.phpbiz.cn http://www.wjl.cn
   |   all rights reserved
   +---------------------------------------------------------------------------
   |
   |   > 最后修改日期：2005-4-30 2006-2-8
   |
   +--------------------------------------------------------------------------
  */
!class_exists('Debug') && exit('Forbidden');
$log = new Login;
class Login
{
  function Login()
  {
    global $INCOME;

    //---------------------------------------
    // Kill globals - globals bad, Homer good.
    //---------------------------------------
		
    $tmp_in = array_merge( $_GET, $_POST, $_COOKIE );
		
    foreach ( $tmp_in as $k => $v )
      {
	unset($$k);
      }
		
    //---------------------------------------

    switch($INCOME['code'])
      {
      case '00':
	$this -> login_form();
	break;
      case '01':
	$this -> do_login();
	break;
      case '02':
	$this -> do_logout();
	break;
      default:
	$this -> login_form();
	break;
      }

  }

  function login_form( $notify ="")
  {
    global $INCOME,$BIZ;

    //+--------------------------------------------
    //| banned IP checking....
    //+--------------------------------------------


    //+--------------------------------------------
    if( $notify ) $BIZ -> assign( "notify", $notify);
	 
    $BIZ -> output("Login.tpl");
  }
   
  function do_login()
  {
    global $INCOME,$BIZ,$DB,$reputedb;

	   	
    /*auth code */
    session_start();
    if(md5($INCOME['acode']) != $_SESSION['authcode'])
      $BIZ -> error("验证码错误！");
    else
      unset($_SESSION['authcode']);
    //-------------------------------------------------
    // More unicode..
    //-------------------------------------------------
		
    $len_u = $BIZ->txt_stripslashes($_POST['SellerA']);
		
    $len_u = preg_replace("/&#([0-9]+);/", "-", $len_u );
		
    $len_p = $BIZ->txt_stripslashes($_POST['SellerP']);
		
    $len_p = preg_replace("/&#([0-9]+);/", "-", $len_p );

    //-------------------------------------------------
    // Make sure the username and password were entered
    //-------------------------------------------------

    if ($_POST['SellerA'] == "")
      {
	$BIZ->error( "用户名为空","?act=Login&amp;code=00" );
      }
    
    if ($_POST['SellerP'] == "")
      {
	$BIZ->error( "密码为空","?act=Login&amp;code=00" );
      }
		
    //-------------------------------------------------
    // Check for input length
    //-------------------------------------------------
		
    if (strlen($len_u) > 32)
      {
	$BIZ->error( "用户名太长","?act=Login&amp;code=00" );
      }
		
    if (strlen($len_p) > 32)
      {
	$BIZ->error( "密码太长","?act=Login&amp;code=00" );
      }
		
    $seller_logaccount    = strtolower(str_replace( '|', '&#124;', $INCOME['SellerA']) );
    $seller_password    = md5( $INCOME['SellerP'] );

    //-------------------------------------------------
    // Attempt to get the user details
    //-------------------------------------------------
		
    $DB->db_query("SELECT seller_id, seller_logaccount, seller_password,seller_ban_status FROM biz_seller WHERE LOWER(seller_logaccount)='$seller_logaccount' LIMIT 1");
		
	
    if ( $DB->db_fetch_num() )
      {
	$seller = $DB->db_fetch_row();

	if ( empty($seller['seller_id']) or ($seller['seller_id'] == "") )
	  {
	    $BIZ->error( '用户名不存在' );
	  }
			
	if ($seller['seller_password'] != $seller_password)
	  {
	    $BIZ->error( '错误：密码错误' );
	  }

	if($seller['seller_ban_status'] =='on')
	  {
	    $BIZ->error( '错误：该用户已被管理员禁止' );
	  }
			
	//------------------------------
			
	if ($INCOME['CookieDate'])  //保存cookie开关
	  {
	    $BIZ->my_setcookie("seller_id"   , $seller['seller_id'], 1);
	    $BIZ->my_setcookie("pass_hash"   , $seller_password, 1);
	  }

	//------------------------------
			
	$poss_session_id = "";
			
	if ( $BIZ->my_getcookie('session_id') )
	  {
	    $poss_session_id = $BIZ->my_getcookie('session_id');
	  }
	else if ( $INCOME['s'] )
	  {
	    $poss_session_id = $INCOME['s'];
	  }

	if ($poss_session_id)
	  {
	    $session_id = $poss_session_id;
				
	    // Delete any old sessions with this users IP addy that doesn't match our
	    // session ID.
				
	    $DB->db_query("DELETE FROM biz_session WHERE ip_address='".$INCOME['IP_ADDRESS']."' AND id <> '$session_id'");
	    echo "1";
	    $db_string = $DB->db_compile_update_fields( array (
							       'seller_logaccount'  => $seller['seller_logaccount'],
							       'seller_id'    => $seller['seller_id'],
							       'running_time' => time(),
							       )       );
														  
	    $db_query = "UPDATE biz_session SET $db_string WHERE id='".$session_id."'";
				
	  }
	else
	  {
	    $session_id = md5( uniqid(microtime()) );
				
	    // Delete any old sessions with this users IP addy.
				
	    $DB->db_query("DELETE FROM biz_session WHERE ip_address='".$INCOME['IP_ADDRESS']."'");
	    $db_string = $DB->db_compile_fields( array (
							'id'           => $session_id,
							'seller_logaccount'  => $seller['seller_logaccount'],
							'seller_id'    => $seller['seller_id'],
							'running_time' => time(),
							'ip_address'   => substr($INCOME['IP_ADDRESS'], 0, 50),
							)       );
	    $db_query = "INSERT INTO biz_session (" .$db_string['fields']. ") VALUES (". $db_string['value'] .")";

	  }
			
	$DB->db_query( $db_query );

	$DB->db_query("UPDATE biz_seller SET seller_log_count=seller_log_count+1, seller_last_time='".time()."',seller_ip='".$INCOME['IP_ADDRESS']."' WHERE seller_id='".$seller['seller_id']."'" ); 

	$BIZ->seller =           $seller;
	$BIZ->session_id       = $session_id;
	$BIZ -> update_repute('login_add');
	$BIZ->my_setcookie("session_id", $BIZ->session_id, -1);
      }
    else
      {
	$BIZ->error( '错误：用户名不存在' );		
      }
	
    $BIZ ->assign("seller",$seller);
    print_r($seller);
    $BIZ ->redirect_screen("{$seller_logaccount}，感谢你登陆"); 
  }

  function do_logout()
  {
    global $BIZ, $DB, $SESS, $HTTP_COOKIE_VARS;
		
    $BIZ -> clear_cache(null,$BIZ->seller['seller_id']);
		
    // Update the DB
		
    $DB->db_query("UPDATE biz_session SET ".
		  "seller_logaccount='',".
		  "seller_id='0'".
		  "WHERE id='". $SESS->session_id ."'");
				     
    $DB->db_query("UPDATE biz_seller SET seller_last_time ='".time()."' WHERE seller_id='".$BIZ->seller['seller_id']."'");
				     
    // Set some cookies
		
    $BIZ->my_setcookie( "member_id" , "0"  );
    $BIZ->my_setcookie( "pass_hash" , "0"  );
    $BIZ->my_setcookie( "anonlogin" , "-1" );

      
    $BIZ ->assign("seller",0);
    $BIZ ->redirect_screen("您已经安全退出");
  }
}
?>
